I've been thinking about this as well; the results I could find are from quite a while ago, but in general the answer is to use a reversible encryption like AES [1] along with secure storage of the encryption key [2], preferably on another server or in an isolated part of the server. Not particularly satisfying, is it...